<?
/**
 * Refactored to work the way PHP intended.
 * dpinit calls session_start() to kick things off.
 * Then the following happens...
 * php calls-back "session_open()" which always is noop.
 * php gets the cookie-sid or makes up a new one.
 * php calls-back "session_read() with it.
 * The database is queried with this key.
 * If a live session is found, the related userid is grabbed, and an attempt is made to create $User.
 * If no live session is found, or the key was null, "" is returned. Else the session $value is returned.
 * On the client side, the cookie is refreshed with the (perhaps new) $sid.
 * $User is dealt with elsewhere. Session logic doesn't know anything about data content.
 *

*/

ini_set('session.name',            'DP_Session' );
ini_set('session.use_cookies',     1 );
ini_set('session.cookie_domain',   '' ); // A sensible value will be used.
ini_set('session.cookie_lifetime', 2 * ONE_DAY);
ini_set('session.bug_compat_warn', 0 );

session_set_save_handler(
    "dp_session_open",
    "dp_session_close",
    "dp_session_read",
    "dp_session_write",
    "dp_session_destroy",
    "dp_session_garbage_collect"
);

// -----------------------------------------------------------------------------

// for initialization, which we don't need.
function dp_session_open()
{
	return true;
}




function dp_session_close()
{
	return true;
}






// returns a (possibly empty) string
function dp_session_read($sid)
{
	global $DpDb;

    assert(isset($DpDb));
	$sql = "SELECT value FROM sessions
            WHERE sid = '$sid'";
	$data = $DpDb->SqlOneValue($sql);

	if(empty($data)) {
        return "";
    }

    setcookie(ini_get('session.name'),
        $sid,
        time() + ini_get('session.cookie_lifetime'));
    return $data;
}





// return true or false
// $value must reflect $_SESSION.
function dp_session_write($sid, $value)
{
	global $DpDb;

    // unacceptable hack - 
    // find out what happens to $DpDb
    // on new dpcan site.

    if(!isset($DpDb)) {
		require_once 'DpDbClass.inc';
		$DpDb = new DpDb();
    }
	assert(isset($DpDb));
	if(empty($value)) {
        if(!empty($sid)) {
            $sql = "DELETE FROM sessions
                    WHERE sid = '$sid'";
            $DpDb->SqlExecute($sql);
        }
		return true;
    }
		
	$lifetime = ini_get("session.gc_maxlifetime");
	$value = addslashes($value);

	$sql = "SELECT sid FROM sessions
            WHERE sid = '$sid'";

	$is = $DpDb->SqlOneValue($sql);
	if($is) {
		$sql = "
            UPDATE
                sessions
            SET
                expiration = UNIX_TIMESTAMP() + $lifetime,
                value = '$value'
            WHERE
                sid = '$sid'";
        $DpDb->SqlExecute($sql);
	}
    elseif(! empty($value)) {
        $sql = "
            INSERT INTO sessions
            (   sid,
                expiration,
                value
            )
            VALUES
            (   '$sid',
                UNIX_TIMESTAMP() + $lifetime,
                '$value'
            )";
        $DpDb->SqlExecute($sql);
	}
	return true;
}




function dp_session_garbage_collect($lifetime)
{
	global $DpDb;
    assert(isset($DpDb));
	$sql = "DELETE FROM sessions
            WHERE expiration < UNIX_TIMESTAMP()";
	return $DpDb->SqLExecute($sql);
}








function dp_session_destroy($sid)
{
	global $DpDb;
    assert(isset($DpDb));
	if(!empty($sid)) {
		$sql = "DELETE FROM sessions
	            WHERE sid = '$sid'";
		$DpDb->SqlExecute($sql);
	}
}

?>
